SonarQube Token
Description
General
- Documentation: https://docs.sonarqube.org/latest/extend/web-api/
- Summary: SonarQube is an open-source platform for continuous inspection of code quality and detection of code vulnerabilities. SonarQube provides a web API to access its functionalities from applications. This detector focuses on detecting the SaaS token format (which is scope-agnostic) and the on-prem prefixed user, global analysis and project analysis tokens used to authenticate API calls.
Revoke the secret
The tokens can be revoked from the security tab of the account. For on-premise instances of SonarQube, go to User > My Account > Security and click the Revoke button.
Details for SonarQube Token
- Family: token
- Category: code_analysis
- Company: SonarQube
- High recall: False
- Validity check available: True
- Analyzer available: False
- On-premise instances exist: True
- Only valid secrets raise an alert: False
- Minimum number of matches: 1
- Occurrences found for one million commits: 12.35
- Prefixed: False
Details for SonarQube Token with Prefix
- Family: token
- Category: code_analysis
- Company: SonarQube
- High recall: False
- Validity check available: True
- Analyzer available: False
- On-premise instances exist: True
- Only valid secrets raise an alert: False
- Minimum number of matches: 1
- Occurrences found for one million commits: 9.01
- Prefixed: False